CentOS - May 2015 - can't disable tcp6 on centos 7

Tim,

where did you installed this nrpe package? is selinux running enforcing
mode (getenforce command), try disabling with setenforce 0. why you are
running it under xinetd as usual way is to run it as nrped daemon.

test against with check_nrpe, not using telnet.

--
Eero

2015-05-04 2:27 GMT+03:00 Stephen Harris <lists at spuddy.org>:
> On Sun, May 03, 2015 at 07:23:19PM -0400, Tim Dunphy wrote:
> > [root at puppet:~] #telnet localhost 5666
>
> This is using TCP
>
> > [root at monitor1:~] #nmap -p 5666 puppet.mydomain.com
> ...
> > 5666/tcp filtered nrpe
>
> This is using TCP
>
> > Back on the puppet host I verify that the port is open for UDP:
>
> So why are you opening a UDP port?
>
> --
>
> rgds
> Stephen
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

Eero,

where did you installed this nrpe package? is selinux running
enforcing
> mode (getenforce command), try disabling with setenforce 0. why you are
> running it under xinetd as usual way is to run it as nrped daemon.
>
For NRPE I usually do a source install with these flags:

./configure
make all
make install-plugin
make install-daemon
make install-daemon-config
make install-xinetd

Rather than a yum install. If I install the nrpe package from yum I don't
find a check_nrpe script on the system for some reason!

I demonstrate this on another system than the ones I've been working with
in this thread:

[root at monitor1:~] #rpm -qa | grep nrpe | grep -v mcollective
nrpe-2.15-2.el7.x86_64

[root at monitor1:~] #find / -name "check_nrpe"
[root at monitor1:~] #


So I'm more comfortable with a source install.

test against with check_nrpe, not using telnet.
>
I actually solved the problem by adding the port to tcp instead of udp on
the puppet host:

firewall-cmd --permanent  --add-port=5666/tcp

Then from the monitoring host:

[root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H
puppet.mydomain.com
NRPE v2.15

 So it's all good at this point. I'm not sure why the instructions I
followed said to open up the port under UDP.. Had I just done what I did I
would have saved a lot of trouble..

Thanks for the input guys!! I'm glad the problem is solved now.

On Sun, May 3, 2015 at 7:31 PM, Eero Volotinen <eero.volotinen at iki.fi>
wrote:
> Tim,
>
> where did you installed this nrpe package? is selinux running enforcing
> mode (getenforce command), try disabling with setenforce 0. why you are
> running it under xinetd as usual way is to run it as nrped daemon.
>
> test against with check_nrpe, not using telnet.
>
> --
> Eero
>
> 2015-05-04 2:27 GMT+03:00 Stephen Harris <lists at spuddy.org>:
>
> > On Sun, May 03, 2015 at 07:23:19PM -0400, Tim Dunphy wrote:
> > > [root at puppet:~] #telnet localhost 5666
> >
> > This is using TCP
> >
> > > [root at monitor1:~] #nmap -p 5666 puppet.mydomain.com
> > ...
> > > 5666/tcp filtered nrpe
> >
> > This is using TCP
> >
> > > Back on the puppet host I verify that the port is open for UDP:
> >
> > So why are you opening a UDP port?
> >
> > --
> >
> > rgds
> > Stephen
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

On Sun, May 03, 2015 at 08:25:45PM -0400, Tim Dunphy
wrote:
> Rather than a yum install. If I install the nrpe package from yum I
don't
> find a check_nrpe script on the system for some reason!
That's because the 'check_nrpe' command isn't in the nrpe
package.
It's in the nagios-plugins-nrpe package.  The executable is installed,
along side all other nagios check commands, as
/usr/lib64/nagios/plugins/check_nrpe. 

-- 
Jonathan Billings <billings at negate.org>